Security Awareness: Asking the Right Questions to Protect Information


Security Awareness: Asking the Right Questions to Protect Information. Keith A. Watson, CISSP, Research Engineer, Center for Education and Research and Information Assurance and Security

Overview: A Brief Intro to Information Security; Responsibility; Knowledge; Contacts

A Brief Intro to Information Security: Information Security is the process of protecting information and information resources.

Information Security Intro: Information assets are the most critical and most valuable. Applies to information in electronic and physical forms. Three primary goals: Confidentiality, Integrity, Availability.

Information Security Examples: (Confidentiality) What would happen if sample information were accidentally published to a web site? (Integrity) How reliable would sample information be if it could be modified by anyone on the network? (Availability) How would you get any work done if all the mice disappeared?

Responsibility Who? Why?

Who is Responsible? Are you responsible for the security of your system? Is the system administrator responsible? Do you have the administrator password for your system?

Answers You Might Not Like: You are at least partly responsible for the security of the information on the system. The system administrator might be responsible for the security of the system. If you have the administrator password, then you are probably responsible for everything.

But wait, I’m not an admin… Find someone else to be in charge of the security of the system: someone who will take an active part in managing the system. Give up your admin password and live the life of a lowly user.

Why am I in charge? You have no system admin: no budget for one; can’t find one (industry pays better); you have one, but he can’t be trusted. Policy puts you in charge: you create it, you manage it (functional data owner policy); decentralized control: you manage the system, the admin answers your questions.

Knowledge What? How?

The Bare Minimum: Update that System! Back it Up! Worms, Viruses, Spyware, Oh My! *#@^%$&! Shields Up!

Update that System! Is your system up to date? Windows (and Mac): run software update tools at least on the second Tuesday of the month (Windows patch release day); turn on auto updates (catch off-cycle patches). Linux: check for updates at least weekly (yum, RHN, etc). If you don’t manage updates, make sure your admin follows these guidelines.

Back it Up! Backup strategy: critical/important data daily; systems at least weekly. Methods: external drives (USB/Firewire), tapes, servers.

Worms, Viruses, Spyware, Oh My! You should have anti-virus/spyware software installed and updating daily. Scan every attachment and every file downloaded. If you didn’t install and configure the anti-virus/spyware software, find out who did. Make sure it is enabled and auto updating.

*#@^%$&! Strong Passwords: We have too many passwords to remember. The “Music Method”: Choose the words from a song: “Mary had a little lamb whose fleece was…” Select the first letters of the words: “M h a l l w f w”. Change some of the letters to numbers: “M4a1lwfw”. Change some letters to upper case: “M4A1lWfw”.

*#@^%$&! Stronger Passwords: We have too many systems to use. The “Variations on a Theme” Method: Using your MM password, modify the trailing characters for different systems: “M4A1lWnP” ==> network password; “M4A1lWw5” ==> web site password; “M4A1lWSv” ==> server password.

Shields Up! Screen Locks On: Enable screensavers with passwords. Lock the screen when you step away. Use an idle timeout to auto lock it; 10 minutes is probably good enough.

Shields Up! Firewall Software On: Desktop firewall software prevents some network-based inbound attacks. Some limit outbound connections as well. Modern operating systems have a firewall: turn it on. Enable/allow the net services that you use.

Shields Up! “Unnecessary Stuff” Off: Remove unneeded software: fewer vulnerabilities to worry about; save some disk space too. Turn off unnecessary services: fewer ways an attacker can get to you; improve performance too.

Some Extra Stuff Above the Bare Minimum: Encrypt that Data! Lock that Door, Desk, and Cabinet! Glue that Computer Down!

Encrypt that Data! Disk encryption: stolen hardware has interesting info on it; Windows XP EFS, Mac OS X FileVault, PGP Disk. Email encryption: email is like a postcard, anyone can read it; PGP or GPG, S/MIME (most modern mail tools support it).

Lock that Door, Desk, and Cabinet! Better physical security needed: have rules about locking labs and offices; move your sensitive paperwork into file cabinets before you go home; lock up your expensive gizmos in a desk.

Glue that Computer Down! Computers are getting smaller and sprouting legs. Laptops: get a cable lock; use it at the office and when you travel. Desktops: get a steel cage lock box or cable kit; two-sided carpet tape works too!

Contacts Who? Why?

Who do I contact? If a law has been broken, call the police. Ask for an officer responsible for computer crimes. They may refer you to other agencies (FBI, Secret Service, state police, etc.). Be aware that they may take your system away for analysis.

Who do I contact? If there is a problem with your system, unplug it from the network. Do NOT turn it off! Call the admin and/or your local security person.

Contact Pitfalls: No one knows what to do. No one wants to do anything. Next steps (before you plug it into the network): reinstall system from original media (update); configure security options (FW, AV/S, etc); restore user/project data from backup.

Summary: Information is critical to the mission of the NPDN. Determine responsibility for security. Improve the security of your systems. Find out what to do when things go wrong.